Avid Pro Audio Community

#1
05-31-2018, 12:48 PM
The Weed
Member
Join Date: Jul 2001
Location: Toronto, Ontario, Canada
Posts: 7,146
iHELPERPC Ransomware...

I believe this is brand new ransomware. If you've heard of it and know how to defeat it, please let me know. Fortunately it's not my computers that have been affected.

Yesterday a friend's production computer became infected. Every file is encrypted with the extension .ihelperpc after the legitimate extension. Every folder has an html file with the Ransomware note. Even his images are now encrypted.

After copying off any files he hopes to eventually decrypt, he will be formatting the drives and reinstalling Windows 7. (He's stuck there because he has a Delta 1010 soundcard and Adobe Audition 3.0.) Not sure when his Windows 7 was last patched, and he wasn't running any anti-virus protection.

Because of this I now have a new backup mantra: If it's not connected it can't be infected.

Nightly, I plan to check I'm not infected, then plug in external drive, image to it, turn the computer off and unplug the external drive. That drive won't be plugged in again until the next night or I need to restore an image from it.

Yes, I know that should have been my backup strategy from the get go, but it is what it is: A cautionary tale.
__________________
Take your projects to the next level with a
non-union national read at reasonable rates
Demos: brucehayward dot com
SonoBus
Source-Connect: brucehayward
Options for Remote Direction
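The nightly "check I'm not infected" step from the first post can be automated using the two indicators described there: the .ihelperpc extension appended after the legitimate one, and an HTML note present in every folder. This is an added example, not code from any poster in the thread; the note file name, the three-folder threshold and the sample tree are constructed assumptions.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".ihelperpc"  # extension reported in this thread

def scan_tree(root):
    """Return (files carrying the marker extension, HTML names found in every folder)."""
    marked = []
    html_names = Counter()
    dir_count = 0
    for dirpath, _dirs, files in os.walk(root):
        dir_count += 1
        seen_html = set()
        for name in files:
            lower = name.lower()
            if lower.endswith(MARKER_EXT):
                marked.append(os.path.join(dirpath, name))
            elif lower.endswith((".html", ".htm")):
                seen_html.add(lower)
        html_names.update(seen_html)  # count each name once per folder
    # Assumption: one HTML name present in all of 3+ folders is treated as a dropped note.
    notes = sorted(n for n, c in html_names.items() if dir_count >= 3 and c == dir_count)
    return marked, notes

def safe_to_attach_backup(root):
    """True only when neither indicator is present under root."""
    marked, notes = scan_tree(root)
    return not marked and not notes

def build_sample_tree(base, infected):
    """Constructed sample data: three folders, optionally altered as the thread describes."""
    for sub in ("", "sessions", "sessions/mixes"):
        folder = Path(base, sub)
        folder.mkdir(parents=True, exist_ok=True)
        suffix = MARKER_EXT if infected else ""
        (folder / ("take1.wav" + suffix)).write_bytes(b"\x00")
        if infected:
            # Placeholder name; the thread does not give the real note file name.
            (folder / "NOTE_PLACEHOLDER.html").write_text("constructed")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, infected=True)
        print("safe to attach backup drive:", safe_to_attach_backup(tmp))
```

Run it against the data drives before plugging in the external drive; a False result means the drive stays disconnected.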
#2
05-31-2018, 01:42 PM
DonaldM
Member
Join Date: Nov 2007
Location: Indiana
Posts: 4,588
Re: iHELPERPC Ransomware...

Have you seen this from Avast on how to remove ransomware?
__________________
"Never believe anything you hear in a song." Tyrion Lannister, Game of Thrones
Owner: Dragon Rock Productions LLC
#3
05-31-2018, 02:33 PM
gnjlee
Member
Join Date: Jun 2006
Location: Placitas, New Mexico
Posts: 239
Re: iHELPERPC Ransomware...

Quote:
Originally Posted by The Weed
> I believe this is brand new ransomware. If you've heard of it and know how to defeat it, please let me know. Fortunately it's not my computers that have been affected.
>
> Yesterday a friend's production computer became infected. Every file is encrypted with the extension .ihelperpc after the legitimate extension. Every folder has an html file with the Ransomware note. Even his images are now encrypted.
>
> After copying off any files he hopes to eventually decrypt, he will be formatting the drives and reinstalling Windows 7. (He's stuck there because he has a Delta 1010 soundcard and Adobe Audition 3.0.) Not sure when his Windows 7 was last patched, and he wasn't running any anti-virus protection.
>
> Because of this I now have a new backup mantra: If it's not connected it can't be infected.
>
> Nightly, I plan to check I'm not infected, then plug in external drive, image to it, turn the computer off and unplug the external drive. That drive won't be plugged in again until the next night or I need to restore an image from it.
>
> Yes, I know that should have been my backup strategy from the get go, but it is what it is: A cautionary tale.

Having a combination of offline and cloud backups is your safest bet. Some ransomware attacks cloud data as well, so you might want to check with your cloud provider to see if they do any backups of your cloud data.

Also do not surf the web or check email on your production machine, and never run with admin privileges. Make sure your surfing machine doesn't have R/W access to data shares.

You MAY want to put your production and storage machines on a separate network.

It is getting very, very ugly even having an internet connection.
#4
05-31-2018, 04:45 PM
The Weed
Member
Join Date: Jul 2001
Location: Toronto, Ontario, Canada
Posts: 7,146
Re: iHELPERPC Ransomware...

Checked online for the Avast and AVG decryption tools, but no one has anything listed for ihelperpc yet.

And yes, it's becoming a very nasty, interconnected world.
#5
06-03-2018, 10:48 AM
The Weed
Member
Join Date: Jul 2001
Location: Toronto, Ontario, Canada
Posts: 7,146
Re: iHELPERPC Ransomware...

An FYI: I just found out that the paid version of Macrium Reflect has Macrium Image Guardian, which is supposed to protect an image from being encrypted by Ransomware. Even though I have the paid version on all 3 of my computers, I still plan to image to external drives and then unplug them.